Risk Management | Corporate Governance | Philosophy | ASUS ESG website, ASUS ESG goal
Risk Management
In view of the increasingly complex risks faced by enterprises in their operations, which test the risk prevention capabilities and emergency response and recovery capabilities of enterprises, in order to enable the enterprise risk management mechanism to form good protection, identify possible future challenges, enterprises must take preventive measures early to avoid being affected, ensure that they are capable of dealing with threats and have the ability to continue operations, demonstrating organizational resilience."
Risk Management Policy
- Proactively deploy management measures in response to risk threats.
- Demonstrate organizational resilience and ensuring operational continuity.
 }}){kind=icon}
Goals
- Establish Key Risk Indicators (KRI) for real-time monitoring.
- Establish short, medium and long-term risk prevention plans,and review and improve them on a regular basis.
- Continuously strengthen various emergency response strategies and execute regularly drills
Business Continuity Management Committee
To ensure more comprehensive and routine risk management, ASUS established the Business Continuity Management (BCM) Committee to focus on critical risks that are not urgent. We actively identify possible future hazards and ensure that we can respond to threats and maintain continuous operations.
The BCM Committee summarizes the annual risk management report and submits the BCM management performance to the board of directors at least once a year. On July, 2023, the BCM policies and procedures, the organizational structure and management scope of the BCM Committee, and the annual operation summary were reported to the board of directors.
The company constructs risk operations across all management systems in accordance with the requirements of the ISO 31000 risk management system and conducts third-party verification and internal audits annually.
| Organization | Role |
|---|---|
| Board of Directors | Oversees the strategy development of the BCM Committee |
| Co-Chief Executive Officers (co-CEOs), Chief Operating Officer (COO), and senior business executives | Implement joint supervision, review and establish protection mechanisms in daily operations |
| Taskforce Units (TUs) | Responsible for monitoring risk trends and preventive risk management in all areas, and are responsible for developing quantifiable KRI( Key Risk Indicator) and risk prevention plans. When the risk occurs, they must respond immediately and establish an emergency contingency plan to minimize the impact and disruption time. |
Risk Management procedure
Step.1
Collect risk issues
Step.2
Analyze risk issues
Step.3
Conduct risk management activities
Step.4
Conduct regular reviews and improvements
The BCM Committee presented to the Board of Directors in July 2022 for the approval of the risk management policies and objectives, management Scopes, organizational structure and Risk Management procedure, all of which are defined in the ASUS Enterprise Risk Management Standard.
Step.1
Collect risk issues
Identify relevant risk issues based on international reports, industry benchmarks, stakeholder concerns, company needs, as well as the requirements from the BCM committee and board of directors.
Step.2
Analyze risk issues
Risk Assessment Procedures
Risk Value Calculation
Risk Appetite
In response to the risks posed by changes in the internal and external environment, the company conducts two annual risk value reviews: The first is a written review, conducted in July 2023; the second is an on-site review, conducted in March 2024. This ensures that the designated risk tolerance levels and mitigation actions remain up-to-date and relevant.
Emerging Risk Identification Procedures
Step.1
Collect international risk trends
Step.2
All BCM units identify risks
Step.3
Identify emerging risks and analyze impacts
Step.4
Pay attention to emerging risks and establish an adaptation plan
Step.3
Conduct risk management activities
Risk aspects
Stabling Organization Operation
External Communication
Information security
Sustainable development
Innovation development
Stabilizing supply chain
Financial Resilience
Business Risk
Customer Service
Management activities
Key Risk Indicators (KRI)
Risk Prevention Plans
Business Continuity Planning(BCP)
Step.4
Conduct regular reviews and improvements
Develop a management plan for high-risk events and incorporate it into regular reviews.
Major Risk Issues and Mitigating Actions
Cloud Security
In today's digital environment, establishing a cloud security management system is key to the success of enterprises, ensuring the confidentiality, availability, and integrity of cloud data
The total expenditure on cloud services is increasing, and remote services are becoming quite prevalent. It is essential to ensure the confidentiality, availability, and integrity of data processing/storage in cloud services.
- Establish configuration security standards, detect configuration security
- Strengthen key cloud systems
- Regular vulnerability scanning and patching
- Master and visualize public cloud services
- Establish cloud security management systems, audit the implementation of information security protection by user units and vendors
Climate and Carbon management
Effective climate and carbon management can reduce the potential risks and impacts of climate change and carbon emissions on business operations.
ASUS pledges that by 2035, 100% of its global locations will utilize renewable energy. However, the domestic renewable energy market faces supply-demand imbalances. Failure to proactively establish infrastructure may lead to increased operational costs and could even impact orders.
- Establish carbon reduction goals and create a carbon inventory platform
- Plan pathways for renewable energy adoption
- Enhance the proportion of low-carbon indicators among suppliers, including the percentage of suppliers certified by third parties for ISO 14064/ISO 50001, the proportion meeting SBT carbon reduction goals, and the use of renewable energy at a ratio of RE40 to RE65
We evaluated each impact of emerging risk and identified two major emerging risks of concern to ASUS, including Generative AI and geopolitical instability leading to supply chain disruptions risks. We then began related adaptation actions for each type of incident.
Emerging Risk
Generative AI
The importance of generative AI technology in the business environment is increasingly evident. Failing to adapt to this technology may put companies at a disadvantage in the market, resulting in adverse effects on their long-term development.
The failure to implement generative AI technology may entail multiple risks, including competitive disadvantages, decreased productivity and operational efficiency, subpar customer experiences, hindered innovation, and increased data security risks. These issues could lead to declining market competitiveness, decreased customer satisfaction, missed opportunities for efficiency improvements and innovation, and potential exposure to security breaches. Furthermore, with the increasing frequency of hackers utilizing technologies such as artificial intelligence and machine learning for attacks, businesses face even greater security risks.
- Bringing together the hardware and software resources of ASUS Group, we are fully committed to AI applications, collaborating closely with industry giants such as AMD, NVIDIA, Microsoft, Intel, and Qualcomm to jointly develop generative AI applications, leading the comprehensive AI trend
- Developing generative AI solutions, we are entering the realm of large enterprises from supercomputing power and cloud services, integrating AI into all aspects of operations. This strategy encompasses cloud and supercomputing services, edge devices, LLM, and smart applications, with a comprehensive layout of AI products including servers, PCs, phones, AIoT devices, and more
- Establishing the GAI Committee to drive cross-department exploration of application scenarios and develop GAI application projects
- Establishing the GAI Academy to provide colleagues with different needs access to the latest AI skills, and offering GAI trend lectures to understand the latest trends and application scenarios of GAI technology
- Introducing protective measures to critical resource endpoints and optimizing the self-built threat intelligence platform
- Conducting regular security drills, simulating intrusion attacks and defenses through red team exercises
Geopolitical instability leading to supply chain disruptions
Geopolitical risks have led to disruptions in the supply chain, affecting business operations and production, potentially resulting in material shortages, production interruptions, and cost increases.
The increase in geopolitical risks has led to supply chain disruptions. Due to excessive concentration of production bases, trade disruptions may result in shortages of raw materials, production halts, and cost escalation. With the international situation remaining uncertain, countries continue to adjust import and export regulations, potentially leading to trade conflicts, political instability, and international sanctions, impacting company finances, reputation, and competitiveness.
- Strengthening supplier risk management involves not only establishing ASUS' Supply Chain Disruption Continuity Plan but also promoting the enhancement of Business Continuity Management (BCM) control maturity within the supply chain, assisting suppliers in establishing operational continuity plans for various risk scenarios
- Implementing cross-regional production diversification and sourcing from multiple suppliers to reduce reliance on a single region or supplier and mitigate geopolitical risks
- Establishing a program for high-risk product sourcing from third-party suppliers in different locations
- Establishing compliance management processes related to geopolitical issues
- Developing requirements for supply chain operational continuity management and integrating them into daily management practices to enhance awareness of supply chain risk management
ASUS Risk Management Principles Training
| Risk management principles training | Objects | Frequency |
|---|---|---|
| 1. [Risk Trend] International Risk Trend | BCM Taskforce Unit members | Annual recurrent training |
| 2. [Operational Risk] Corporate Risk Assessment Tool | BCM Taskforce Unit members | Annual recurrent training |
| 3. [Quality Risk] Quality Management System and Hazardous-Substance training | All employees | Annual recurrent training |
| 4. [ESH Risk] Occupational Safety and Health Training | All employees | Annual recurrent training |
| 5. [Code of Conduct Risk] Employee code of conduct | All employees | Annual recurrent training |
| 6. [Information Security Risk] General education on information security-Common information security threats | All employees | Annual recurrent training |
